Skip to content
CD

CD #1

Sign in to view logs

CD

CD #1

Workflow file for this run

.github/workflows/cd.yml at 14779a7
---
name: CD
on:
push:
branches:
- main
paths:
- "src/**"
workflow_dispatch:
inputs:
release_type:
description: 'Release type'
required: true
default: 'Dry Run'
options:
- 'Dry Run'
- 'Release'
jobs:
version-type:
uses: ./.github/workflows/_version_type.yml
version-bump:
name: Version bump
runs-on: ubuntu-22.04
needs: version-type
outputs:
version: ${{ steps.get-version.outputs.version }}
steps:
- name: Check out repo
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Set up Python
uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0
with:
python-version-file: ".python-version"
- name: Install hatch
run: pip install hatch
- name: Get current version
run: echo "OLD_VERSION=$(hatch version)" >> $GITHUB_ENV
- name: Bump version
run: hatch bump ${{ needs.version-type.outputs.version }}
- name: Get bumped version
id: get-version
run: |
VERSION=$(hatch version)
echo "version=$VERSION" >> $GITHUB_OUTPUT
- name: Login to Azure - CI Subscription
uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
with:
creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
- name: Retrieve secrets
id: retrieve-secrets
uses: bitwarden/gh-actions/get-keyvault-secrets@main
with:
keyvault: "bitwarden-ci"
secrets: "github-gpg-private-key,
github-gpg-private-key-passphrase,
github-pat-bitwarden-devops-bot-repo-scope"
- name: Import GPG key
uses: crazy-max/ghaction-import-gpg@01dd5d3ca463c7f10f7f4f7b4f177225ac661ee4 # v6.1.0
with:
gpg_private_key: ${{ steps.retrieve-secrets.outputs.github-gpg-private-key }}
passphrase: ${{ steps.retrieve-secrets.outputs.github-gpg-private-key-passphrase }}
git_user_signingkey: true
git_commit_gpgsign: true
- name: Setup git
run: |
git config --local user.email "[email protected]"
git config --local user.name "bitwarden-devops-bot"
- name: Commit version bump
env:
OLD_VERSION: ${{ env.OLD_VERSION }}
VERSION: ${{ steps.get-version.outputs.version }}
if: ${{ github.event_name == 'push' }} || ${{ inputs.release_type != 'Dry Run' }}
run: |
git commit -am "Bump version from $OLD_VERSION to $VERSION"
git tag $VERSION
git push
git push --tags
release:
name: GitHub release
runs-on: ubuntu-22.04
needs: version-bump
if: ${{ github.event_name == 'push' }} || ${{ inputs.release_type != 'Dry Run' }}
steps:
- name: Check out repo
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Create GitHub release
uses: ncipollo/release-action@2c591bcc8ecdcd2db72b97d6147f871fcd833ba5 # v1.14.0
with:
commit: ${{ github.sha }}
tag: v${{ steps.version-bump.outputs.version }}
name: Version version-bump
token: ${{ secrets.GITHUB_TOKEN }}
draft: false
deploy:
name: Deploy workflow-linter (v2)
runs-on: ubuntu-22.04
needs: version-bump
steps:
- name: Check out repo
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Set up Python
uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0
with:
python-version-file: ".python-version"
- name: Install hatch
run: pip install hatch
- name: Login to Azure - CI Subscription
uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
with:
creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
- name: Retrieve pypi api token
id: retrieve-secret
uses: bitwarden/gh-actions/get-keyvault-secrets@main
with:
keyvault: "bitwarden-ci"
secrets: "pypi-api-token,
pypi-test-api-token"
- name: Build
run: hatch build
- name: Publish
if: ${{ github.event_name == 'push' }} || ${{ inputs.release_type != 'Dry Run' }}
env:
HATCH_INDEX_USER: __token__
HATCH_INDEX_AUTH: ${{ steps.retrieve-secret.outputs.pypi-api-token }}
run: hatch publish
- name: Dry Run - Publish
if: ${{ github.event_name == 'workflow_dispatch' }} && ${{ inputs.release_type == 'Dry Run' }}
env:
HATCH_INDEX_USER: __token__
HATCH_INDEX_AUTH: ${{ steps.retrieve-secret.outputs.pypi-test-api-token }}
run: hatch publish -r test